Apple issues warning to all 1.8bn iPhone users over ‘extremely sophisticated’ spyware attack

Apple has released an urgent iOS update, urging its 1.8 billion iPhone users to download it immediately.

The iOS 26.3 upgrade fixes 39 vulnerabilities that could allow hackers to view private information, crash apps, or take control of a device through physical access or malicious files and websites.

While all 39 issues have been patched, Apple has highlighted a particularly serious zero-day vulnerability in the dynamic link editor (dyld) that governs how apps run on iPhones.

Security experts have described the system as ‘your iPhone’s doorman’; because every application must pass through this system in order to work, and the system normally isolates applications from private data.

This flaw allows attackers to bypass these checks and run malicious code before security measures stop them.

Apple is aware of a report that this issue in iOS versions prior to iOS 26 may have been exploited in a highly sophisticated attack against specific target individuals, the tech giant said in a statement on its support page.

Apple has addressed dyld and other flaws with stronger protections to prevent apps from evading restrictions, stop memory errors, and prevent unauthorized access to personal data. Installing the update as soon as possible is critical to keeping devices and personal information safe.

To update your iPhone or iPad, check if the latest version is available by going to Settings > General > Software Update, then follow the instructions to install it.

Users can also enable automatic updates on the same screen to stay updated.

Security updates cover iPhones, iPads, Macs, Apple Watches, Apple TVs and Safari; all designed to fix vulnerabilities that could be exploited through malicious files, websites, or physical access.

Exploiting the Dyld zero-day flaw allows hackers to run any code on a device, potentially installing spyware or a backdoor without the owner realizing it.

Malwarebytes security researcher Pieter Arntz said such attacks are particularly dangerous because they are stealthy and can run undetected for long periods of time.

Experts have said that attacks using dyld zero-day could be secretly installing spyware, making iOS 26.3 one of the most significant iPhone updates ever, according to Forbes.

Spyware often targets business users, government employees, dissidents, and journalists, but ordinary users can also be affected.

“Anyone can suffer collateral damage,” said Javvad Malik, chief security awareness advocate at KnowBe4. Forbes.

‘The practical takeaway is to install updates as soon as they become available.’

Adam Boynton, Jamf’s senior director of corporate strategy, told Forbes that businesses are particularly vulnerable.

‘For most organizations, there’s a dangerous gap between Apple shipping a fix and actually protecting your business, sometimes of days, sometimes weeks, sometimes never.’

The seriousness of the flaw lies in the fact that it gives attackers full control of the device.

Instant updating for individual users is the simplest and most effective way to protect personal information and prevent attackers from gaining access.

Spyware attacks linked to the iOS 26.3 zero-day flaw are particularly dangerous, and anyone who might be targeted should take precautions.

Warning signs may include rapid battery drain, overheating, or unfamiliar apps appearing on your device.

If an iPhone is compromised, the safest approach is to stop using it immediately; but restarting can sometimes cause malware to temporarily shut down.

Security experts also recommended restarting your device regularly, avoiding unwanted links or attachments, and verifying messages with trusted sources.

Apple notifies users it thinks have been targeted, but these alerts never ask you to click links, download files, or provide a password or verification code.

Apple’s Lockdown Mode offers the strongest defense against spyware for those who want maximum protection, especially high-profile targets, but it limits some device functions.